I think it's time for a solution ⏰ TL;DR - Eventlet normalizes - to _ in header keys. - The Fetch spec blocks Transfer-Encoding but not Transfer_Encoding. - Bypass tracking policy on Firefox using open(). Detailed writeup 👇 mizu.re/post/twitter-e… 1/2

🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability

📙 L'ANSSI publie son #CyberDico ! 🔎 Il recense les définitions en français et en anglais des mots, expressions et sigles du domaine de la #cybersécurité, de quoi parfaire vos connaissances en cyber et vous aider dans la rédaction de vos supports. 📎 cyber.gouv.fr/publications/c…

Techno Watch September ➡️ part 2/4 & 3/4 ! 🌹 youtube.com/watch?v=Jz6K-S… youtube.com/watch?v=jUVYc4…

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

EKUwu vulnerability was just patched by Microsoft. A security update is available : msrc.microsoft.com/update-guide/v… x.com/TrustedSec/sta…

Just discovered this nice resource about DOM Clobbering attacks : domclob.xyz Thank you Soheil Khodayari for this amazing work

Yop ! 🌿 Reprise des veilles technos ce soir 21h ! 🌖 En compagnie de Yann Maltemo Swissky 😎 ~ See you there ~ twitch.tv/thelaluka

Hi it's me again, I've been calling for a while now, you need to pay your health insurance Sir... Or have some replays? 😏 La dernière Techno Watch avec Yann Maltemo et Swissky !🌿 FYI: Pas de stream ce mardi 4 Fev ➡️ HTB Meetup Lyon ! Rdv au Elephant and

New Active Directory Mindmap v2025.03! 🚀 📖 Readable version: orange-cyberdefense.github.io/ocd-mindmaps/i… 🔧 Now fully generated from markdown files—way easier to update and maintain! 💡 Got improvements? PRs welcome! 👉 github.com/Orange-Cyberde…

I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by Gareth Heyes \u2028 However, an important update has occurred since then, which I wrote below ->

I have just released my first tool : GPOHound 🚀 GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis. 🔗Check it out here: github.com/cogiceo/GPOHou…

Blip Maltemo Bloup Karim Adala Boum 💣️ twitch.tv/thelaluka

Documenté, Sourcé, Miniaturé, Plus qu'à... Siroter ! 🎁 Cc Maltemo 🤝 Karim Adala youtube.com/live/we_T4x6WD…

🔍 New research on a niche technique to abuse "GPP Local Users and Groups" to elevate privileges locally through sAMAccountName hijacking. This research comes with a new GPOHound update to detect this misconfiguration. 🔗 Read more: cogiceo.com/en/whitepaper_…

My new research Escalation of Self-XSS to XSS using modern browser capabilities. blog.slonser.info/posts/make-sel…

Hoy ! Pas de stream ce soir... MAIS ! Release d'une petite série que j'ai pris plaisir à vivre, tourner, et réaliser sur le travail fait ave d'autres nombreux bénévoles pour Hack4Values ! On y parle de l'organisation, des enjeux, des ONG évidemment, mais aussi des bugs

the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023. vmfunc.re/blog/persona researched by celeste, MDL, Dziurwa